Part of twisted.conch.ssh.userauth
Known subclasses: twisted.conch.client.default.SSHUserAuthClient, twisted.conch.scripts.tkconch.SSHUserAuthClient
Instance Variable | name | the name of this service: 'ssh-userauth' (type: str) |
Instance Variable | preferredOrder | a list of authentication methods we support, in order of preference. The client will try authentication methods in this order, making callbacks for information when necessary. (type: list) |
Instance Variable | user | the name of the user to authenticate as (type: str) |
Instance Variable | instance | the service to start after authentication has finished (type: service.SSHService) |
Instance Variable | authenticatedWith | a list of strings of authentication methods we've tried (type: list of str) |
Instance Variable | triedPublicKeys | a list of public key objects that we've tried to authenticate with (type: list of Key) |
Instance Variable | lastPublicKey | the last public key object we've tried to authenticate with (type: Key) |
Method | __init__ | Undocumented |
Method | serviceStarted | called when the service is active on the transport. |
Method | askForAuth | Send a MSG_USERAUTH_REQUEST. |
Method | tryAuth | Dispatch to an authentication method. |
Method | ssh_USERAUTH_SUCCESS | We received a MSG_USERAUTH_SUCCESS. The server has accepted our authentication, so start the next service. |
Method | ssh_USERAUTH_FAILURE | We received a MSG_USERAUTH_FAILURE. Payload:: string methods byte partial success |
Method | ssh_USERAUTH_PK_OK | This message (number 60) can mean several different messages depending on the current authentication type. We dispatch to individual methods in order to handle this request. |
Method | ssh_USERAUTH_PK_OK_publickey | This is MSG_USERAUTH_PK. Our public key is valid, so we create a signature and try to authenticate with it. |
Method | ssh_USERAUTH_PK_OK_password | This is MSG_USERAUTH_PASSWD_CHANGEREQ. The password given has expired. We ask for an old password and a new password, then send both back to the server. |
Method | ssh_USERAUTH_PK_OK_keyboard_interactive | This is MSG_USERAUTH_INFO_RESPONSE. The server has sent us the questions it wants us to answer, so we ask the user and send the responses. |
Method | auth_publickey | Try to authenticate with a public key. Ask the user for a public key; if the user has one, send the request to the server and return True. Otherwise, return False. |
Method | auth_password | Try to authenticate with a password. Ask the user for a password. If the user will return a password, return True. Otherwise, return False. |
Method | auth_keyboard_interactive | Try to authenticate with keyboard-interactive authentication. Send the request to the server and return True. |
Method | signData | Sign the given data with the given public key. |
Method | getPublicKey | Return a public key for the user. If no more public keys are available, return None. |
Method | getPrivateKey | Return a Deferred that will be called back with the private key object corresponding to the last public key from getPublicKey(). If the private key is not available, errback on the Deferred. |
Method | getPassword | Return a Deferred that will be called back with a password. prompt is a string to display for the password, or None for a generic 'user@hostname's password: '. |
Method | getGenericAnswers | Returns a Deferred with the responses to the prompts. |
Method | _ebAuth | Generic callback for a failed authentication attempt. Respond by asking for the list of accepted methods (the 'none' method) |
Method | _cbUserauthFailure | Undocumented |
Method | _cbSignedData | Called back out of self.signData with the signed data. Send the authentication request with the signature. |
Method | _setOldPass | Called back when we are choosing a new password. Simply store the old password for now. |
Method | _setNewPass | Called back when we are choosing a new password. Get the old password and send the authentication message with both. |
Method | _cbGenericAnswers | Called back when we are finished answering keyboard-interactive questions. Send the info back to the server in a MSG_USERAUTH_INFO_RESPONSE. |
Method | _cbGetPublicKey | Undocumented |
Method | _cbPassword | Called back when the user gives a password. Send the request to the server. |
Method | _cbSignData | Called back when the private key is returned. Sign the data and return the signature. |
Inherited from SSHService:
Method | serviceStopped | called when the service is stopped, either by the connection ending or by another service being started |
Method | logPrefix | Override this method to insert custom logging behavior. Its return value will be inserted in front of every line. It may be called more times than the number of output lines. |
Method | packetReceived | called when we receive a packet on the transport |
Parameters | kind | the authentication method to try. (type: str) |
Parameters | extraData | method-specific data to go in the packet (type: str) |
Parameters | kind | the authentication method (type: str) |
    string methods
    byte partial success
If partial success is True, then the previous method succeeded but is not sufficient for authentication. methods is a comma-separated list of accepted authentication methods.
self.preferredOrder, removing methods that have already succeeded. We then call self.tryAuth with the most preferred method.
Parameters | packet | the MSG_USERAUTH_FAILURE payload. (type: str) |
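The method selection described above for MSG_USERAUTH_FAILURE, as an added example (not Twisted's own code): it decodes the `string methods, byte partial success` payload and orders the remaining methods by a preference list. `PREFERRED_ORDER`, `build_failure`, `parse_userauth_failure` and `next_methods` are names invented for this example, and the sample payload is constructed.

```python
import struct

# Preference order used in this example (an assumption; set it per client policy).
PREFERRED_ORDER = ["publickey", "password", "keyboard-interactive"]


def build_failure(methods, partial_success):
    """Construct a sample MSG_USERAUTH_FAILURE payload (test data only)."""
    names = ",".join(methods).encode("ascii")
    return struct.pack(">I", len(names)) + names + bytes([1 if partial_success else 0])


def parse_userauth_failure(payload):
    """Decode 'string methods, byte partial success'; reject malformed input."""
    if len(payload) < 5:
        raise ValueError("payload too short")
    (length,) = struct.unpack(">I", payload[:4])
    if len(payload) != 4 + length + 1:
        raise ValueError("length prefix does not match payload size")
    names = payload[4:4 + length].decode("ascii")  # raises ValueError on non-ASCII
    methods = [m for m in names.split(",") if m]
    return methods, payload[4 + length] != 0


def next_methods(payload, preferred_order, succeeded, last_method=None):
    """Return (candidates in preference order, updated set of succeeded methods)."""
    methods, partial = parse_userauth_failure(payload)
    done = set(succeeded)
    if partial and last_method is not None:
        done.add(last_method)  # it succeeded but was not sufficient on its own
    # Methods the client does not list are dropped (a choice made in this example).
    candidates = [m for m in methods if m in preferred_order and m not in done]
    candidates.sort(key=preferred_order.index)
    return candidates, done


if __name__ == "__main__":
    sample = build_failure(["password", "publickey"], partial_success=True)
    print(next_methods(sample, PREFERRED_ORDER, [], last_method="password"))
```

With partial success set, the method that just succeeded is excluded from the next round, so a server requiring both a password and a key is not offered the password twice.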
Returns | a defer.Deferred that will be callbacked with None as soon as all authentication methods have been tried, or None if no more authentication methods are available. (type: defer.Deferred or None) |
Parameters | signedData | the data signed by the user's private key. (type: str) |
Parameters | op | the old password as entered by the user (type: str) |
Parameters | np | the new password as entered by the user (type: str) |
Parameters | responses | a list of str responses (type: list) |
Returns | (type: bool) |
Returns | (type: bool) |
Returns | (type: bool) |
Parameters | password | the password the user entered (type: str) |
Sign the given data with the given public key.
By default, this will call getPrivateKey to get the private key, then sign the data using Key.sign().
This method is factored out so that it can be overridden to use alternate methods, such as a key agent.
Parameters | publicKey | The public key object returned from getPublicKey (type: keys.Key) |
Parameters | signData | the data to be signed by the private key. (type: str) |
Returns | a Deferred that's called back with the signature (type: defer.Deferred) |
Parameters | privateKey | the private key object |
Parameters | publicKey | (type: keys.Key) |
Parameters | signData | the data to be signed by the private key. (type: str) |
Returns | the signature (type: str) |
Return a public key for the user. If no more public keys are available, return None.
None. Override it in a subclass to actually find and return a public key object.
Returns | (type: Key or NoneType) |
Return a Deferred that will be called back with a password. prompt is a string to display for the password, or None for a generic 'user@hostname's password: '.
Parameters | prompt | (type: str/None) |
Returns | (type: defer.Deferred) |
Returns a Deferred with the responses to the prompts.
Parameters | name | The name of the authentication currently in progress. |
Parameters | instruction | Describes what the authentication wants. |
Parameters | prompts | A list of (prompt, echo) pairs, where prompt is a string to display and echo is a boolean indicating whether the user's response should be echoed as they type it. |